Slashdot Mirror

← Back to Stories (view on slashdot.org)

Use of Encryption Foiled the Cops a Record 9 Times In 2013

Posted by timothy on from the achievement-unlocked dept.

realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."

115 comments

  1. First post! by GameboyRMH · · Score: 4, Funny

    Rapelcgvba SGJ!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:First post! by Anonymous Coward · · Score: 0

      It would have been more secure if you had used Rot13 twice.

    2. Re:First post! by uninformedLuddite · · Score: 1

      Even encryption serves the patriarchy's fantasies

      --
      The new right fascists are bilingual. They speak English and Bullshit.
  2. Rot14 by MouseR · · Score: 1

    really confuses NSA.

  3. I smell a rat. by Anonymous Coward · · Score: 5, Insightful

    There are obviously thousands of people using encryption because they have a legitimate reason to hide something, and criminals also have something to hide, so it stands to reason that they'd also use encryption.

    So why aren't there more cases of encryption impeding an investigation? Possibilities:

    1) Only stupid people (who don't use encryption) are caught - yeah, not with numbers /that/ low;

    2) The numbers are being deliberately under-reported;

    3) A lot of encryption is breakable or has backdoors;

    4) Most people under investigation have software planted on computers or hardware keyloggers.

    1. Re:I smell a rat. by JimFive · · Score: 5, Insightful

      You forgot:

      5) Most crimes leave evidence that is not on the criminal's computer.

      --
      Please stop using the word theory when you mean hypothesis.
    2. Re:I smell a rat. by rogoshen1 · · Score: 5, Insightful

      that oblig xkcd comic about a heavy wrench defeating encryption is more likely.
      "we'll drop the sentence to 1 year in prison if you give us the keys, or you can fight us, and we'll go for 25 to life."

      (protip: the wrench can be a metaphor)

    3. Re:I smell a rat. by Charliemopps · · Score: 1

      You forgot:

      5) Most crimes leave evidence that is not on the criminal's computer.

      or
      6) The encrypted cellphone is thrown into the evidence bag and never looked at again because the arresting officer couldn't get it open.

      I'd think it would be pretty rare that the police knew there was something encrypted that could help their case and just couldn't get to it. In most cases the encryption not only protects the data, it also hides its existence all together.

    4. Re:I smell a rat. by Shakrai · · Score: 4, Informative

      There are obviously thousands of people using encryption because they have a legitimate reason to hide something

      My hard drives are encrypted simply because my entire life is on them and I'd rather not have everything you need to steal my identity fall into the hands of whomever broke into my house and stole my PC. I take similar precautions with physical documents that could be used to the same end. My SSA card and Passport are kept in the Safe Deposit Box except when needed, other forms of ID are always kept on or near my person, so they're not apt to be stolen in a burglary.

      I don't know or care if LUKS and Truecrypt are secure enough to resist access by a well resourced and competent government agency. They provide ample security for the threat vectors that I care about.

      Most people under investigation have software planted on computers or hardware keyloggers.

      This, along with other side channel attacks (social engineering, or even simply guessing the password, remembering that most people use easily guessable passwords) is the most likely explanation. If the United States Federal Government has ways of breaking modern ciphers they're not going to throw it away to secure mundane criminal convictions.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    5. Re:I smell a rat. by Anonymous Coward · · Score: 1

      Nine times.

    6. Re:I smell a rat. by Anonymous Coward · · Score: 1

      "Eat shit, motherfuckers. If you had me on charges with that kind of sentence potential, ya wouldn't NEED my keys. Wuddya, think I'm stupid?"

    7. Re:I smell a rat. by davydagger · · Score: 4, Informative

      that is somewhat bullshit.

      9 times out of 10, someone trying to crack your encryption is not going to be someone who is able to use that amount of leverage. Most likely they are going to subversively copy your data, or

      As far as I am concerned, I don't need my encryption to completely uncrackable. If all encryption does is provide tamper evidence, and doesn't allow undetectable snooping I am OK.

      Also, ability to crack encryption in an investigation/forced to decrypt for trial, is not the same as undetectable mass survailence. If all encryption does is force cops to go back to needing warrants and subopeanas, and due proccess, I think its done its job quite well.

    8. Re:I smell a rat. by Anonymous Coward · · Score: 5, Insightful

      >
      > have a legitimate reason to hide something
      >

      A person does not ever require a "legitimate reason" to use encryption. A person can transmit information in any way he may see fit or in any way he may simply desire without needing a reason or explanation.

      If I want to strongly encrypt a cooking recipe that I email to my grandmother, then it is my business and my business alone.

      The point is that criminal intent or any other intent cannot/should not be inferred solely from the act of encryption.

    9. Re:I smell a rat. by Anonymous Coward · · Score: 0

      5) Suspect was legally compelled to decrypt documents/device.

    10. Re:I smell a rat. by Anonymous Coward · · Score: 0

      If you can dodge a wrench, you can dodge jail time.

    11. Re:I smell a rat. by BradMajors · · Score: 1

      5) People use encryption in an insecure manner.

    12. Re:I smell a rat. by Anonymous Coward · · Score: 0

      5) Cops had actual evidence and didn't need to go on a fishing expedition

    13. Re:I smell a rat. by CBravo · · Score: 1

      Any degree of privacy-requirement is enough for me to start using encryption.

      --
      nosig today
    14. Re:I smell a rat. by Anonymous Coward · · Score: 1

      6) The cases were prosecuting other police, people of power or government entities the police didn't 'really' want to prosecute.

      In that case, perhaps a simple ROT13 is enough 'encryption' the police cant break the hard drive and get the evidence.

    15. Re:I smell a rat. by FuzzNugget · · Score: 1

      Also: he's probably overestimating the number of people using disk encryption. "Obviously" is not good enough for these assertions.

    16. Re:I smell a rat. by AmiMoJo · · Score: 2

      What is the punishment for refusing to hand over keys? In the UK it is only 2 years, so if you are accused of anything with a longer sentence or some other punishment like being on the sex offenders register you might as well take the two years. Also, "I forgot" is supposed to be a valid defence, unless they have evidence beyond reasonable doubt that you didn't forget, but I wouldn't rely on that.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:I smell a rat. by roc97007 · · Score: 4, Insightful

      > 6) The encrypted cellphone is thrown into the evidence bag and never looked at again because the arresting officer couldn't get it open.

      Beat me to it. I'd put it more generally as "the police were stymied by encryption 2,316 times last year, but only recognized the fact nine times".

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    18. Re:I smell a rat. by roc97007 · · Score: 3, Informative

      > 9 times out of 10, someone trying to crack your encryption is not going to be someone who is able to use that amount of leverage.

      It's not about having that kind of leverage. In an interrogation, a cop is not required to tell you the truth. Never forget that.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    19. Re:I smell a rat. by roc97007 · · Score: 2

      I think relying on "I forgot" is probably a good strategy if you have nothing to lose.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    20. Re:I smell a rat. by Anonymous Coward · · Score: 0

      Let's define "using encryption" as using stuff where a reasonably well-informed user believes it's decent, and they're exchanging keys correctly, etc. Forget casual use of HTTPS or the link between someone's phone and their cell tower, etc. Don't count those as "using encryption." Now:

      There are obviously thousands of people using encryption [which they think probably works].. So why aren't there more cases of encryption impeding an investigation?

      Maybe "obviously thousands" (or whatever the actual number is) is a drop in the bucket within the overall sphere of human endeavor. There are hundreds of millions of people in the US.

      And even whenever anyone in this minority does happen to get investigated for some suspected crime, that doesn't mean their computer will be involved. No matter how good your crypto is, if you don't see the cop with the radar gun in time and slow down, no cop is going to be saying anything about "te encryption sure is making it hard" in relation to your speeding ticket. Similarly if your infraction is "driving while black" rather than speeding.

      Beyond that: let's take a look solely at situations where someone actually is committing crimes, and where some evidence is encrypted. Why wouldn't cops be running into that problem? Because they're not investigating. Remember that most crimes go undetected and most crimes are never investigated. And if you're being sneaky enough to encrypt, then you're probably be sneaky in other ways too, so it's likely that no one is ever looking at your computer in the first place.

      By the time they get a warrant to sieze your computer, they probably already have witnesses and other evidence too. "I saw him do that bad thing, and I bet his computer has evidence to corroborate my testimony!"

    21. Re:I smell a rat. by roc97007 · · Score: 2

      I read somewhere of a type of safe called a "burn safe". If opened improperly, it destroys the contents. Apparently used for very sensitive physical documents.

      Of course, you should probably have backups somewhere, probably in a different burn safe geographically distant.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    22. Re:I smell a rat. by nospam007 · · Score: 3, Insightful

      "It's not about having that kind of leverage. In an interrogation, a cop is not required to tell you the truth. Never forget that."

      It doesn't matter what the cop says, YOU have to shut your mouth.
      Don't talk to the police, ever!
      It can only hurt you.

    23. Re:I smell a rat. by Anonymous Coward · · Score: 0

      ... and that's when they do. They have a lot more resources than you do. If you think cracking your disk is the key to prosecuting you, you're wrong. Your disk is the key to you pleading out by ratting out your conspirators.

    24. Re:I smell a rat. by swb · · Score: 1

      Backups in a stainless steel cylinder welded shut dropped in 50 feet of water and the GPS coordinates memorized.

    25. Re:I smell a rat. by wooferhound · · Score: 1

      But how many people did they investigate ?
      10, 100, 1000, 10000, 100000ooooo..........

      --
      We are Dead Stars looking back Up at the Sky
    26. Re:I smell a rat. by Anonymous Coward · · Score: 0

      We went that-a-way and didnt see anyone. Are you telling the truth? Are you impeding a police investigation? Did you misdirect us on purpose because your in on it? Come down to the station with us and we can ask you some further questions....

    27. Re:I smell a rat. by CharlieG · · Score: 2

      Well, How about (for real) a body was dumped in front of my house. They asked "Hey, we know that at 10:30ish this body was dumped in front of your house, did you happen to see the car?" (there were whiteness to the kidnapping a few miles away). Of course I told them what I knew "Nope officer, didn't hear/see a thing till I looked out the window and saw a bazillion flashing lights, sorry" "OK, Thanks"

      --
      -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
    28. Re: I smell a rat. by chromeronin799 · · Score: 1

      And that is why there is protection against compelled disclosure of keys. Can you prove someone hant forgotten a password? What if like true crypts double volume, they just gave cops the key to the volume with nothing on it? What if it needed a kefile that has now been deleted or changed?

    29. Re:I smell a rat. by demonlapin · · Score: 1

      They can't punish you for not revealing your keys. They can, however, throw the book at you on any charge they can prove.

    30. Re:I smell a rat. by s.petry · · Score: 1

      The person you responded to said "UK", yes the laws are different there and last I heard you can be jailed in the UK for not unlocking what the cops tell you to unlock. Of course I don't live in the UK so that report I read may have been inaccurate or changed (but I don't believe so).

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    31. Re:I smell a rat. by TheLink · · Score: 1

      That's why the "bug" I submitted should be fixed: https://bugs.launchpad.net/ubu... ;)

      --
    32. Re:I smell a rat. by TheLink · · Score: 1

      But that's why this "vulnerability" should be fixed:
      https://bugs.launchpad.net/ubu...

      Imagine if by default if you don't uncheck a checkbox a popular distro has full disk encryption enabled and/or creates an encrypted container.

      Then they can't use the "wrench" on everyone that happens to have that distro, because it really is very plausible that the person doesn't have the keys to the container.

      As for the arguments against it - if you're in a country where they are still willing to use the "wrench" on someone who is likely to not have the keys, you're screwed already. In such countries if they're not happy with you, you're in big trouble whether you use crypto or not.

      --
    33. Re:I smell a rat. by dkf · · Score: 1

      If I want to strongly encrypt a cooking recipe that I email to my grandmother, then it is my business and my business alone.

      And your grandmother's business too, assuming you want actually communicate that cooking recipe to her.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    34. Re:I smell a rat. by Anonymous Coward · · Score: 0

      5a) If a crime does not leave evidence that is not on the criminal's computer, and the police cannot defeat the encryption, then the police can't conclude that there was a crime in the first place, and therefore don't count this as an instance of being "foiled".

    35. Re:I smell a rat. by SpzToid · · Score: 2

      Here's the legal argument for not talking to the police: https://www.youtube.com/watch?...

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    36. Re:I smell a rat. by L4t3r4lu5 · · Score: 2

      This only applies for the US, where anything they say "... can be used against them..." Sworn testimony, or evidence given under caution or arrest, in the UK for example, can be used by both prosecution and defense.

      Still, you're definitely supposed to talk to a legal representative prior to talking to Police in any jurisdiction.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    37. Re:I smell a rat. by L4t3r4lu5 · · Score: 3, Insightful

      Your "burn safe" is vulnerable to denial of service. Say you lose the key, or the keypad is damaged; How do you get your documents? What if someone just hits it with a hammer until the system is activated, just to piss you off?

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    38. Re:I smell a rat. by Ash-Fox · · Score: 1

      There are obviously thousands of people using encryption because they have a legitimate reason to hide something

      Some also use it to prevent tampering.

      So why aren't there more cases of encryption impeding an investigation?

      Perhaps some of those people people whom use encryption properly are more law abiding.

      --
      Change is certain; progress is not obligatory.
    39. Re:I smell a rat. by demonlapin · · Score: 1

      He was asking about the US. So I told him what happens in the US.

    40. Re:I smell a rat. by Anonymous Coward · · Score: 1

      EEEEK! Another authoritative IANAL pronouncement about the law.

      Here's the correction: A cop is required to tell you the truth IF the falsehood materially prejudices the suspect. There's a famous case in which cops drove a suspected serial killer around in a car and tricked him into revealing the location at which a victim's body was buried by lying about catastrophic effects upon the victim's family. The resulting conviction, based largely upon discovery of the body, was overturned on exactly this ground. We all study that course in law school because of its continuing precedential value.

    41. Re:I smell a rat. by davydagger · · Score: 1

      still thinking far ahead.

      most of the time its going to be stuff they either steal or copy, without letting you know who's taken it, and they are most likely not going to do anything to you to get the passwords/keys.

      uncrackable encryption protects against this.

      You can use rubber hose cryptography on one person. You can use rubber hose cryptography on a handful of people.

      You cannot routinely beat people for information, with anything other than a fairly obvious hard police state that would make it impossible for most of America to ignore.

  4. The headline should really read: by ledow · · Score: 2

    "UK Government / celebrated top-notch British mathematicians create encryption that's still fit for purpose decades after their death."

    An encryption scheme that can be cracked by teenagers, camels, mathematicians, governments, police, military or the guy down the road? Not an encryption scheme. Certainly not one for large-scale deployment in public security projects.

    Works as intended. The fact that it may, unfortunately, be a tool used by miscreants as well as law-abiding citizens is an unfortunate side-effect, like hammers being useful for smashing windows AND doing carpentry.

    1. Re:The headline should really read: by Anonymous Coward · · Score: 0

      'a tool used by miscreants' - yes sadly most often by the ones who believe they are the masters of the law-abiding citizens.

    2. Re:The headline should really read: by Anonymous Coward · · Score: 0

      They don't even have to bother, they just say the hard drives crashed and were thrown away - then nothing happens.

  5. Scare tactics by fustakrakich · · Score: 5, Insightful

    Public opinion needs to be turned against anything (such as the bill of rights) that could hinder the authorities.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Scare tactics by wiredlogic · · Score: 1

      That isn't necessary. The sheeple are already conned into believing that the bill of rights enumerates all rights of the people and the government has the power to regulate anything not on the list as well as some particulars of things that are listed.

      --
      I am becoming gerund, destroyer of verbs.
  6. I smell a rat got it right by Anonymous Coward · · Score: 0

    At least this message shows what investigators think about the average perp.

  7. Before and After by Anonymous Coward · · Score: 0

    Really all that's changed is that they expanded the definition of 'criminal' a little more until it's now a thing.

    Couple of years back for example they added "infants in their crib" and "elderly grandmothers whose homes you break into in the middle of the night" to the list of what qualifies a meathead as a perp!

  8. I must be getting old by Anonymous Coward · · Score: 0, Insightful

    I just reviewed the last four days of Slashdot, and found only two articles that interested me enough to click through. I must be getting old. Or maybe Slashdot has changed.

    1. Re: I must be getting old by Teranolist · · Score: 1

      How about slashdot is getting old? or "modern" to stay on the dice roadmap

    2. Re: I must be getting old by Anonymous Coward · · Score: 0

      DICE is certainly not 'modern'. More like I mis-read your post accidentally when I read 'modem' instead of 'modern'.
      And they are quiet like the 14.4K "turbo highspeed" modem of the mid 90s. Something you might find was accidentally
      left in the box when they packed up the things you bought at a garage sale.

      Don't let DICE tell you what the market is. Ever.

  9. Yay exponential growth! by MRe_nl · · Score: 2

    At this rate we should have full encryption in no time!

    --
    "Kill 'em all and let Root sort 'em out"
    1. Re:Yay exponential growth! by biodata · · Score: 1

      Is it really exponential growth? From 2011 to 2012, growth was infinity%, and between 2012 and 2013 it was only 125%. Growth seems to be slowing a lot.

      --
      Korma: Good
  10. OVER 200%! by Anonymous Coward · · Score: 1

    Just wait until someone tries to spin this as an increase of over 200%, and therefore is a great and looming threat that we need to crack down on.

  11. Cops will have to strip to count to 21! by Anonymous Coward · · Score: 0

    Oh noes!

  12. Criminal hippies by skiminki · · Score: 1

    So, in 2013 there was a record 9 cases where criminals used FOSS?

  13. Small problem? by Anonymous Coward · · Score: 0

    You will see the government prop encryption up as a boogeyman, but this is actually a very small problem for them.

    Well, what happens when it's a bigger problem? Of course, they will outlaw encryption, except for "authorized use only".

  14. Correction...That you know of... by KingOfBLASH · · Score: 2

    Bollocks. The only difference between today and the past is that you can easily see an encrypted file, you can know it's encrypted, surmise it's probably got something juicy, and just be unable to break in.

    It has the exact same effect as a lot of low tech stuff. For instance, memorizing a secret note than burning it would also leave no trail for law enforcement to follow. As would a secret conversation a thousand years ago you can't overhear because there was no listening devices around back then.

    Therefore, I would suggest that actually finding encrypted files law enforcement cannot break into is actually an improvement.

    1. Re:Correction...That you know of... by Shakrai · · Score: 1

      The only difference between today and the past is that you can easily see an encrypted file, you can know it's encrypted

      Huh? Modern ciphertext is indistinguishable from random noise. Some implementations leave behind clues (i.e., Truecrypt containers are always divisible by 512 bytes), and of course the user can give it away ("KIDDIE PORN COLLECTION.TC" <--- Probably not the best naming scheme) but I'm not aware of any foolproof method to concretely identify an encrypted file as such with modern implementations.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Correction...That you know of... by fnj · · Score: 1

      Er, if you find a file whose contents seem REALLY random, you can be pretty goddam certain that it's encrypted. Even binary files practically always contain valid strings in the header - database files, exes, mpegs, jpgs, etc, etc.

    3. Re:Correction...That you know of... by Shakrai · · Score: 1

      "Pretty goddamn certain" != "beyond a reasonable doubt"

      Can you tell the difference between 1,024 MB of /dev/random and 1,024 MB of Truecrypt container? I didn't think so....

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:Correction...That you know of... by geniice · · Score: 2

      No but I'm also going to be somewhat surprised if someone has a bunch of 1,024 MB blocks of /dev/random on their hard drive. Well I guess a few statisticians might.

      In practice odds are I simply don't care. Most criminals leave far more evidence than the police actually need to get a conviction. If I can't open a file with one click I'm going to go back to looking at your bank statements for interesting payments.

    5. Re:Correction...That you know of... by KingOfBLASH · · Score: 1

      If that was really true then why does this article exist?

      It's clear something is encrypted because you have to have it clear the file system should not overwrite and the markers make it quite clear that it's not just random noise. Even more clear is if you open up a computer you know should be working but it asks for a password to decrypt the hard drive.

    6. Re: Correction...That you know of... by Jason+Levine · · Score: 1

      Modern ciphertext is indistinguishable from random noise.

      This is a big reason why I think SETI-type programs are doomed to fail. If it would be hard to tell the difference between encrypted data and random data, how much harder would it be to tell the difference between an alien encryption scheme and random noise?

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    7. Re: Correction...That you know of... by nospam007 · · Score: 2

      "This is a big reason why I think SETI-type programs are doomed to fail. If it would be hard to tell the difference between encrypted data and random data, how much harder would it be to tell the difference between an alien encryption scheme and random noise?"

      If aliens want to communicate with us, they won't use encryption. They'll make it as easy as possible. (The'y'll probaly send a .DBF :-)
      Or we just watch their 'I love Lucy'.
      SETI isn't trying to break encrypted files from Space Nazis.

    8. Re:Correction...That you know of... by wiredlogic · · Score: 3, Funny

      I prime all my drives with GNU shred since its PRNG is faster than /dev/random and good enough for creating background noise. I've considered writing a program that exhibits statistical anomalies such as Benford's law or randomized MPEG blocks for kicks. Or maybe even valid MPEG encoded noisy frames of Goatse zooming in repeatedly.

      --
      I am becoming gerund, destroyer of verbs.
    9. Re:Correction...That you know of... by Anonymous Coward · · Score: 0

      Yah, funny that. I always use large files of random data to test radio modems because it is incompressible. I have on occasion pitied the poor CIA/NSA/GCHQ capturing my tests and trying to decipher it.

    10. Re:Correction...That you know of... by JesseMcDonald · · Score: 1

      It's clear something is encrypted because you have to have it clear the file system should not overwrite and the markers make it quite clear that it's not just random noise.

      Sometimes encrypted data is stored inside a container that makes it clear that it's encrypted. However, that isn't always the case. If I run "dd if=/dev/urandom of=file count=2K" then I have one megabyte of data that won't be overwritten by the filesystem, but there is no way to tell from the contents whether it's encrypted or random noise. If it were encrypted, the only way to prove it would be to find a key that decrypts it into something intelligible. The problem in this case is that it's obvious that the file exists, and I would need to come up with a good excuse for having a file full of random noise lying around on my hard disk. (Perhaps I'm researching properties of PRNGs?)

      There are ways to go further and make it impossible to know whether there is anything there at all. For example, an encrypted filesystem can be designed to set aside a fixed amount of space for a nested "hidden volume", initialized to random noise. Since the hidden volume is always present there is no proof that I set it up deliberately or have access to the contents; there may not even be a valid decryption key. If I say that I installed the system to keep my private financial documents in the top layer, and never set up the hidden volume, there's no way to prove otherwise simply by analyzing the filesystem.

      And then there's steganography, where you replace expected randomness with random-seeming ciphertext. In this case (if properly implemented) there is nothing to indicate that the encrypted data is present at all. In the second case the hidden volume provides plausible deniability by design, but in the case of steganography the randomness is an unavoidable side-effect of some other process, like the least-significant bits in raw image file or audio stream, so there is no need to explain it away.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
    11. Re: Correction...That you know of... by Jason+Levine · · Score: 1

      SETI is trying to pick up alien signals. These might not be "Hi there humans, we are here" messages. Instead, they might be more mundane messages that alien civilizations "leak" out right after they learn how to use radio signals to communicate. Of course, if they encrypt those radio signals (using a purely alien encryption sequence, of course), we might not be able to tell that encrypted data from random noise.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  15. They'd be stumped more often by l0ungeb0y · · Score: 4, Interesting

    But so far, the only criminals using encryption are the smart ones who take precautions not to even become suspects in the first place. And just because the authorities were stymied by encryption, or that the suspects used encryption does not mean that the suspects were actually guilty of any crime. Personally, I'd much rather a few crimes go unsolved than live in an authoritarian Police State.

    1. Re:They'd be stumped more often by Anonymous Coward · · Score: 0

      As Chief Wiggum says:

      I'd rather than 1000 criminals go free than chase after them

    2. Re:They'd be stumped more often by MickLinux · · Score: 1

      Or, aleernatively... letting a few crimes go unsolved is part and parcel of an authoritarian police state.

      Right now, we have on our 'unsolved docket' Lois Lerner, war crimes by US troops in Iraq, high treason by various top operatives violating their constitutional oaths and undermining the rule of law, thus aiding the enemies of the US, embezzlement by bankers who control the Fed, breach of fiduciary duty by BoA under the blackmail of Paulson that he would break the law... and now most recently high crimes by that French bank in criminal money laundering, in one is the biggest ever (9 billion) fine, but unfortunately, we can't find the criminal.

      And that's just the US. I haven't hit one percent of the unsolved crimes yet.

      Leaving a 'rule of law' nation sucks.

      --
      Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
  16. Is GSM encryption? by Anonymous Coward · · Score: 0

    I'm wondering what they count as encryption: GSM, WEP, RC4, Cryptoloop, SSL are nowadays just scramblers not encryption.

  17. I'm waiting for "bait" files to hit the news by Anonymous Coward · · Score: 0

    How soon before we hear about a real arrestee who scattered his hard disk with encrypted files (all with different algorithms/passwords of course) and threw in some seemingly-incriminatingly-named files that were nothing but either raw random data or random data that was actually encrypted?

    Think of it as a "tar pit" for the police.

    1. Re:I'm waiting for "bait" files to hit the news by geniice · · Score: 1

      Err quite a while. The reality is that with enough effort the police can probably get you convicted of something. There are a lot of laws and you don't know them all. The last thing you want to do is make them look more closely at you.

  18. Out of how many? by pjwhite · · Score: 1

    The headline is meaningless without also including the number of cases actually involving encryption. Looking at the article, that number appears to be 41.

  19. From the police report... by MasterOfGoingFaster · · Score: 2

    Status: Unable to prosecute due to lack of evidence.

    Reason: Suspect used full-disk encryption. Unable to persuade suspect due to lack of wrench availability.

    --
    Place nail here >+
  20. ItsATrap by mysidia · · Score: 3, Insightful

    With 90% confidence; I estimate this is a trap. Police can defeat encryption, no problem, usually by coercing the defendant. The reports by the police themselves are geared at getting tougher anti-privacy/anti-encryption legislation and giving bad guys a false sense of security. The feds could likely have broken the encryption, no problem, the issue at hand just wasn't important enough to reveal the capability. Pretending not to have the capability gives politicians better ammunition when improving state powers for legal surveillance, and for forcing the hands of software providers to secretly include specified backdoor tech.

    when police said that they’d been stymied by crypto in four cases—and that was the first year they’d ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.

    1. Re:ItsATrap by matbury · · Score: 1

      No, it's a trap when Apple, Google, M$, et al tell users that their IM clients and email are secure, even though they have the encryption keys and readily hand them over to authorities without a warrant.

      AFAIK, nobody has a way of breaking end-to-end encryption without compromising one of the surveillance victims' computers or somehow getting hold of the encryption keys.

    2. Re:ItsATrap by AHuxley · · Score: 1

      Yes, considering all the help fusion centers offered, tame banks, tame telcos, tame software developers, lack of peer review, the number of informants working on software projects, the number of informants working to find ways into software, tame AV vs keyloggers, tame telco software vs your keystrokes, sneak and peek letters.
      Anything 'consumer' digital is a huge trap. From development, your input, encoding, transmission, decoding, display - so many layers and very tame access.
      With sneak and peek letters why would the data recovered be kept in the country of origin: USA, Canada, UK could just swap the results found up to their respective security services and swap plain text back to each other - parallel construction.
      No FIOA, nothing in the case file, no law reformers, no press, no legal teams to links to another country :)

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:ItsATrap by MickLinux · · Score: 1

      It's doubly a trap when those same companies, which have multiple backup systems on the emails, suddenly cannot recover anything following a series of six separate 'hard drive crashes' on RAID-7 systems, so that the IRS' evidence can no longer prove criminal intent by leaders of the government.

      Leaving a 'rule of law' nation sucks.

      --
      Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
    4. Re:ItsATrap by mysidia · · Score: 1

      suddenly cannot recover anything following a series of six separate 'hard drive crashes' on RAID-7 systems, so that the IRS' evidence can no longer prove criminal intent by leaders of the government.

      I read the sections of The Internal Revenue Manual pertaining to Emails as criminal records.

      And I am personally convinced, that the IRS objective is malicious compliance; instead of creating a searchable permanent digital record of all employee e-mail, it seems they go out of their way to say "Preserve digital versions only for limited periods", and it's up to each employee to manually print the approximate hardcopy of the data and have the printout, of anything to be deemed "a record":

      1. 1.10.3.2.3 (07-08-2011) Emails as Possible Federal Records - Advises Employees - To save emails and attachments that meet the definition of a federal record be added to the organization’s files by printing them and filing them with related paper records.
      2. They are using Microsoft Exchange. This is an e-mail server application that has a feature called personal archive, which they apparently choose not to use, even though a few thousand terabytes of cloud storage is much cheaper than the equivalent pieces of paper and filing procedures.. In addition, there are many archiving applications available for Exchange, and there is a Journaling feature in Exchange which can be used to support permanent archiving of all mail.
      3. They impose a 500 megabyte limit on their users' mailboxes. The Exchange software default is 2 Gigabytes, in other words: they are going out of their way to coerce employees towards deleting mail, and intentionally making the system 100% reliant on the employee ---- so that any error on the employee's part results in no record generate.

        Note: Their employee manual specifically advises employees to delete mail: Delete some mail from your mailbox or contact your system administrator to adjust your storage limit. (Consider whether any of the items you want to delete may be a federal record. IRM 1.10.3.3.2 above.)
  21. 900% Increase by Anonymous Coward · · Score: 0

    In other news, law enforcement tells Congress that the number of crimes that went unsolved or unprosecuted over the past two years because of widespread use of encryption increased 900%. Requests new powers and increased budgets to counter the unprecedented threat.

  22. bad math by Anonymous Coward · · Score: 0

    good example of how not to report rates

  23. I was going to ask ... by Alain+Williams · · Score: 1

    what sort of encryption(s) were the cops unable to break - assuming that they were able to tell by looking at the files; failing that what were the ones that they succeeded in breaking? That might be useful as it would guide me in choosing which algorithms to use for encrypting my stuff.

    Then is occurred to me that if the cops revealed it I must assume misinformation. They surely would not make their life difficult by telling me how to defeat them -- or would they answer the question honestly ? So: I could ever trust their answer -- is there any point in even asking them the question ?

  24. Re:xkcd by Anonymous Coward · · Score: 1

    It's not obligatory.

  25. Encryption in the hands of a layperson by iamacat · · Score: 1

    Is like a gun of an average NRA nut - totally useless for security, while advertising to the whole world that you want to get in trouble. These encrypted files on your hard drive have been transmitted over online services and shared with other people. It's far more convenient for police to get a warrant for online data and lean on those people than tinker with your computer. On the other hand, discovery of encrypted files that you are not willing to open is an excellent clue that getting these warrants and harassing your friends is a good use of police time.

    Now, when it comes to passwords, your cipher might be 64 bit, but the space of words and phrases that an average person is able to remember is much smaller. Chances are, yours can be cracked with a map reduce task running on Amazon public cloud, for a small fraction of a budget DAs would allocate for a major case. If not, it's just back to harassing your friends and family. And it's not likely you personally are trained to withstand experienced interrogators and fitted with a dental filling cyanide capsule to swallow once you have reached your limit.

    Most of those 9 cases probably came from lame police departments that just were not equipped/talented enough to do old fashioned honest investigate works. At the same time, thousands of criminals have evaded capture through old fashioned guile and ingenuity. If you want to evade authorities, for good or evil reasons, it's best to stick to simple things. An iPad hidden under a neighbors door rug is more likely to evade detection than an encrypted one in your house.

    1. Re:Encryption in the hands of a layperson by uninformedLuddite · · Score: 1

      Is like a gun of an average NRA nut - totally useless for security

      You advertising your prejudices again?

      --
      The new right fascists are bilingual. They speak English and Bullshit.
    2. Re:Encryption in the hands of a layperson by iamacat · · Score: 1

      Just cold, hard facts my friend. A gun will not make you or your family safer without police-grade training repeated on regular basis. As much as it appeals to your ego to think you are the next Rembo, all objective studies have found that adults are not able to effectively take out a gunman without endangering themselves and bystanders. And kids don't stay away from guns no matter what safety classes they attend.

  26. What software? by manu0601 · · Score: 1

    Too bad they do not tell what are the resistant softwares.

  27. Security Through Antiquity by vomitology · · Score: 1

    I keep all my 'important' files in .JAR format on 5 1/4 floppies.

    --
    ~Knowledge is knowing that a tomato is a fruit, but Wisdom is knowing not to put it in a fruit salad.
    1. Re: Security Through Antiquity by Anonymous Coward · · Score: 0

      I thought JAR format was the same as DOCX...

  28. "Informants" (read: bribery) by Anonymous Coward · · Score: 0

    Or just bribing actual criminals who you've never even seen before to rat you out, by granting reductions on hugely-inflated drug addiction sentences. The current prosecutorial regime could convict anyone of anything they wanted, with a 99.9% or better success rate. If you think being innocent will lead to a finding of "not guilty", you're sorely mistaken.

    1. Re:"Informants" (read: bribery) by MickLinux · · Score: 1

      Which, if this chain of thought is correct, leads to the conclusion that in those 9 cases, either police were NOT corrupt (and so could be foiled) or were corrupt, and wanted to be foiled.

      I'm not sure that the chain of thought is correct. In some areas --Illinois for example, I would expect it to be.

      --
      Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
  29. Security Through Antiquity by Anonymous Coward · · Score: 0

    What, both bytes of data?

  30. Get one now! by Anonymous Coward · · Score: 0

    Use decrypt stick 9000, works every time and can even help with memory recall.

  31. 99.99% video camera. 0.01% go around it by raymorris · · Score: 1

    I'd think at least 99.99% of cases don't involve the suspect using their computer at all. One of the most common crimes is using a stolen checkbook or credit card, in a brick-and-mortar store. Thefts might be solved by looking at the store's security video, etc.

    In the rare case where you're interested in an encrypted file, you can normally go around it. For example, if you wanted to prove child porn, the cached thumbnails that most image viewers create work just fine. Someone sending instant messages encrypted? Fine, the message log on their device is plaintext. Rarely do you need to crack the crypto.

    1. Re:99.99% video camera. 0.01% go around it by Anonymous Coward · · Score: 0

      http://slashdot.org/comments.p...

  32. will the real criminals plz stand up by Anonymous Coward · · Score: 0

    and can someone tell me which encryption software(s) work then? kk thx

  33. rtfa, it's not as bad as it sounds by tommyhj · · Score: 1

    It's 9 uncrackable cases, out of 45 encryption-cases, out of 3500 surveillance cases. Sounds pretty good to me. Mostly they would probably get the info some other way, hence not needing to crack encryption.

  34. Personal content by phorm · · Score: 2

    I've got an encrypted volume on my main box that's got stuff I'd rather not my family members/wife/friends get into. It's nothing illegal, and it's not something that would end in a divorce if she did see it, just a collection of stuff I'd rather not share with the world. Since I have people over for LAN parties and share out drives on occasion, making sure such files are in an encrypted container ensure that even if I accidentally gave them access to the wrong place, they won't be snooping around my stuff.

    Given the number of personal stuff people accidentally share over P2P networks (e.g. sharing all of "My Documents" for windows users), having stuff in an encrypted file in a safe place isn't a terrible idea. If the police want to see it, bring a properly signed warrant and go ahead. They'll likely be entertained but nothing is going to end me up in a PMITAP.

  35. "shock sites" by phorm · · Score: 1

    Now *that* would be amusing. Dual-container encrypted volume. The easily cracked volume containing a few years worth of stuff collected from various shock sites.
    Heck, no need even for dual encryption. Just make it something with an attention-getting name with an easy password stored in a place that curious inlookers could be easily trolled...

    Next time one of those "This is Microsoft, your PC is sending a virus" calls come through, I should share out a VM with one of these and a container marked "banking info 2014" and a password of "12345" :-)

  36. Ermmm... what??? by KevReedUK · · Score: 1

    Before this, the number stood at zero? Wouldn't it be more accurate to say that "before this, we have no f%@#ing clue what the number stood at because there is no data"???

    --
    Just my $0.03 (At current exchange rates, my £0.02 is worth more than your $0.02)